Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Deterrence and prevention-based model to mitigate information security insider threats in organisations

Safa, Nader Sohrabi, Maple, Carsten, Furnell, Steve, Azad, Muhammad Azad, Perera, Charith, Dabbagh, Mohammad and Sookhak, Mehdi 2019. Deterrence and prevention-based model to mitigate information security insider threats in organisations. Future Generation Computer Systems 97 , pp. 587-597. 10.1016/j.future.2019.03.024

[thumbnail of Manuscript File_Charith.pdf]
PDF - Accepted Post-Print Version
Download (540kB) | Preview


Previous studies show that information security breaches and privacy violations are important issues for organisations and people. It is acknowledged that decreasing the risk in this domain requires consideration of the technological aspects of information security alongside human aspects. Employees intentionally or unintentionally account for a significant portion of the threats to information assets in organisations. This research presents a novel conceptual framework to mitigate the risk of insiders using deterrence and prevention approaches. Deterrence factors discourage employees from engaging in information security misbehaviour in organisations, and situational crime prevention factors encourage them to prevent information security misconduct. Our findings show that perceived sanctions certainty and severity significantly influence individuals’ attitudes and deter them from information security misconduct. In addition, the output revealed that increasing the effort, risk and reducing the reward (benefits of crime) influence the employees’ attitudes towards prevent information security misbehaviour. However, removing excuses and reducing provocations do not significantly influence individuals’ attitudes towards prevent information security misconduct. Finally, the output of the data analysis also showed that subjective norms, perceived behavioural control and attitude influence individuals’ intentions, and, ultimately, their behaviour towards avoiding information security misbehaviour.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Subjects: Q Science > QA Mathematics > QA76 Computer software
Publisher: Elsevier
ISSN: 0167-739X
Date of First Compliant Deposit: 24 April 2019
Date of Acceptance: 8 March 2019
Last Modified: 15 Mar 2020 00:10

Citation Data

Cited 27 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item


Downloads per month over past year

View more statistics